Monday January 28, 2008
Dave's Bit Bucket
Dave Walker's jottings - mostly pertaining to security

"Authenticate the endpoints, as well as the transactions"

As I'm sure you're aware, Société Générale just had their Nick Leeson moment, on an even grander scale. Reading Friday's Telegraph and Saturday's Times on the matter (my home local is less right of centre than my office local, in terms of newspaper choice), it would appear that Jérôme Kerviel's activities wouldn't have been curtailed by technology as currently deployed. The three standard controls deployed at SocGen are:
As far as I can tell, there are two ways in which this can be prevented from happening again.

1. Fix the human factors, by ensuring that no risk controller or former risk controller can ever get a job as a trader. You'd have to have some sort of central database of risk controllers maintained by the banking industry as a whole, and the risk controllers would likely be annoyed by such an initiative, since good traders are paid significantly better than good risk controllers; it may be necessary to even this up a bit...

2. Actually authenticate the endpoints, as well as the transactions. If a signed trade request is sent, and returned countersigned with an acknowledgement, such that both certificates have organisation names matching the organisation names on the trade-to-be, can be traced back to "known good" root CAs and aren't listed on any "known good" CRLs, before any funds are transferred, then you have to have parties in both organisations collaborating in order to achieve anything underhand. Of course, how a CA or CRL is determined to be "known good" is left as an exercise for the reader...

Update: Steve Bellovin cast his net wider for source material, and found information to the effect that Kerviel was "using other people's passwords". Anyone for smartcards and Sun Rays, SocGen?

(2008-01-28 07:44:11)
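The settlement-side check described in point 2, worked through as an added example; this is not code from the original post and not any bank's settlement system. It uses Go's standard crypto/x509 to stand up two organisations, each with its own root CA and one "trading desk" certificate whose O= is the organisation's name, then gates settlement on: each certificate chaining to a root the settlement system trusts, each certificate's O= matching the party named in the trade, the requester's signature over the trade, and the counterparty's countersignature over trade plus request signature. The trade encoding, the "|ACK|" binding, the organisation names "Bank A" and "Broker B", Ed25519 as the signature scheme, and the fixed serial numbers are all assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Trade is what both parties sign. The encoding is constructed for this example, not a real standard.
type Trade struct {
	ID, Buyer, Seller string
	Amount            int64
}

// Bytes is what the requester signs; ackMsg is what the counterparty countersigns, binding the ack to the request signature.
func (t Trade) Bytes() []byte { return []byte(fmt.Sprintf("%s|%s|%s|%d", t.ID, t.Buyer, t.Seller, t.Amount)) }
func ackMsg(t Trade, reqSig []byte) []byte { return append(append(t.Bytes(), "|ACK|"...), reqSig...) }

// Org is one organisation: a self-signed root CA and the end-entity certificate it issued to its trading desk.
type Org struct {
	Root, Leaf       *x509.Certificate
	rootKey, LeafKey ed25519.PrivateKey
}

func check(err error) { // fixture setup only: if key generation or issuance fails there is nothing sensible to do
	if err != nil {
		panic(err)
	}
}

// NewOrg builds the root and issues a leaf whose O= is the organisation's name (fixed serials: demo only).
func NewOrg(name string) *Org {
	rootPub, rootKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	leafPub, leafKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	o := &Org{rootKey: rootKey, LeafKey: leafKey}
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: []string{name}, CommonName: name + " Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, root, root, rootPub, rootKey) // parent == template: self-signed
	check(err)
	o.Root, err = x509.ParseCertificate(der)
	check(err)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{Organization: []string{name}, CommonName: "trading desk"},
		NotBefore: root.NotBefore, NotAfter: root.NotAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err = x509.CreateCertificate(rand.Reader, leaf, o.Root, leafPub, rootKey)
	check(err)
	o.Leaf, err = x509.ParseCertificate(der)
	check(err)
	return o
}

// verifyEndpoint checks one side of the exchange: the certificate chains to a root the settlement system
// trusts, its O= is exactly the party the trade names, and sig is that certificate's signature over msg.
func verifyEndpoint(cert *x509.Certificate, wantOrg string, msg, sig []byte, roots *x509.CertPool) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != wantOrg {
		return fmt.Errorf("certificate O=%v is not trade party %q", cert.Subject.Organization, wantOrg)
	}
	return cert.CheckSignature(x509.PureEd25519, msg, sig)
}

// Settle is the gate before funds move: the requester's signature covers the trade, the counterparty's
// countersignature covers trade plus request signature, and each certificate is checked as the party it claims to be.
func Settle(t Trade, reqSig, ackSig []byte, reqCert, ackCert *x509.Certificate, roots *x509.CertPool) error {
	if err := verifyEndpoint(reqCert, t.Buyer, t.Bytes(), reqSig, roots); err != nil {
		return fmt.Errorf("requester: %w", err)
	}
	if err := verifyEndpoint(ackCert, t.Seller, ackMsg(t, reqSig), ackSig, roots); err != nil {
		return fmt.Errorf("counterparty: %w", err)
	}
	return nil
}

// Scenarios runs the honest exchange and two cases Settle must refuse: one organisation supplying both request
// and "counterparty" ack, and an ack from a certificate with the right organisation name under an untrusted root.
func Scenarios() (honest, sameOrg, untrustedRoot error) {
	bank, broker := NewOrg("Bank A"), NewOrg("Broker B")
	roots := x509.NewCertPool()
	roots.AddCert(bank.Root)
	roots.AddCert(broker.Root)
	t := Trade{ID: "T-1001", Buyer: "Bank A", Seller: "Broker B", Amount: 50_000_000}
	reqSig := ed25519.Sign(bank.LeafKey, t.Bytes())
	honest = Settle(t, reqSig, ed25519.Sign(broker.LeafKey, ackMsg(t, reqSig)), bank.Leaf, broker.Leaf, roots)
	sameOrg = Settle(t, reqSig, ed25519.Sign(bank.LeafKey, ackMsg(t, reqSig)), bank.Leaf, bank.Leaf, roots) // Bank A acking its own request: chain fine, O= wrong
	impostor := NewOrg("Broker B") // a CA the settlement system does not trust, asserting O=Broker B
	untrustedRoot = Settle(t, reqSig, ed25519.Sign(impostor.LeafKey, ackMsg(t, reqSig)), bank.Leaf, impostor.Leaf, roots)
	return
}

func main() { fmt.Println(Scenarios()) }
```

Run it with `go run` and the first error printed is nil while the other two are not: the insider case fails at the organisation-name check (a Bank A certificate cannot stand in for Broker B even though it chains perfectly), and the impostor case fails at the chain check (the right name on a certificate means nothing unless the issuer is in the roots pool). The roots pool is the "known good root CAs" of the post, and deciding what goes in it is exactly the exercise left to the reader. Two things the block leaves out for brevity: revocation, which belongs between the chain and name checks (fetch the CRL or OCSP response for each issuer, verify its signature against that issuer, and treat a missing or stale CRL as a failure rather than a pass, since otherwise suppressing the CRL un-revokes the certificate), and replay protection, which here rests only on the trade ID being unique and would need a store of settled IDs in practice.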